Our goal is to establish trustworthy software execution on untrusted mobile platforms that have a persistent or occasional network connection to a trusted entity at their disposal. With the ASPIRE solutions, we want mobile software security to become (1) trustworthy by leveraging on the available network connection and developing a layered security approach of strong protections; (2) measurable by developing practical metrics based on validated attack and protection models; (3) cheaper by integrating support for the protections into an industrial-strength ASPIRE Framework; (4) more valuable by enabling shorter time-to-markets; and (5) more productive by being more widely applicable.
To provide software protection that is equally strong as the existing hardware-based protection, we will develop software protection techniques along five mutually strengthening lines of defense: data hiding, algorithm hiding, anti-tampering, remote attestation, and renewability. We will integrate compiler support for all lines of defense into the framework to enable service, software and content providers to automatically protect the assets in their mobile apps with the most appropriate local and network-based protection techniques. A decision support system will assist non-security-expert software developers to tune the tool chain for their assets and protection needs. This decision support system will reduce their time-to-market and lower their market entry ticket price. Research into appropriate models and metrics, as well in a protection evaluation methodology will support the system's design and development.We will demonstrate and validate the developed technology on three real-world use cases from the industrial partners in the mentioned domains, and in a public challenge. Whereas Europe currently leads in hardware protection, the ASPIRE project will allow it to remain competitive in the rapidly growing global mobile economy and society by allowing its mobile service providers to embrace software protection.